Rising Kaka Security Forum
moyi - 2006-9-15 8:09:00
The scan killed a pile of viruses, but some EXE files have disappeared too. The EXE files for HijackThis, FlashGet, FastAIT and so on are all gone. What happened?
mopery - 2006-9-15 8:16:00
Virus names..
moyi - 2006-9-15 8:25:00
Virus names
Trojan.PSW.QQGame.v
Trojan.PSW.LMir.ktn
Trojan.PSW.Liumazi.a
Trojan.PSW.LMir.ktn
Trojan.PSW.Liumazi.a
Trojan.PSW.QQGame.v
Trojan.PSW.QQGame.x
Trojan.DL.Agent.krb
未知病毒
moyi - 2006-9-15 8:25:00
RootKit.Vanti.kn
Rootkit.Vanti.kx
Trojan.PSW.QQGame.x
Trojan.PSW.LMir.ktn
Trojan.PSW.JHOnline
Trojan.PSW.JHOnline
Trojan.PSW.JHOnline
Trojan.PSW.JHOnline
Trojan.PSW.JHOnline
Trojan.PSW.JHOnline
Trojan.PSW.JHOnline
Trojan.PSW.Lineage.lcd
moyi - 2006-9-15 8:25:00
Trojan.DL.Agent.krv
Trojan.PSW.WoWar.gt
Trojan.PSW.LMir.ktn
Trojan.PSW.LMir.ktn
Trojan.PSW.LMir.ktn
Trojan.PSW.Liumazi.go
Trojan.Multidrop.c
Trojan.PSW.QQPass.psq
Trojan.PSW.Lineage.yt
Trojan.PSW.ZhengTu.fz
Trojan.PSW.Misc.dv
Trojan.DL.Agent.ldt
Trojan.PSW.Misc.dv
未知病毒
moyi - 2006-9-15 8:25:00
Trojan.Clicker.Agent.acd
Trojan.Clicker.Qhost.i
Trojan.Clicker.Qhost.i
Trojan.Agent.djp
Trojan.Delf.bak
Dropper.QQHelper.a
Dropper.Misc.at
Dropper.QQHelper.a
Trojan.DL.Agent.kng
Trojan.StartPage.gm
Trojan.DL.Mashaji.a
Trojan.DL.Mashaji.a
Trojan.PSW.QQPass.fz
Trojan.PSW.QQPass.fz
Trojan.PSW.Misc.dv
Trojan.DL.Agent.ldt
Trojan.Multidrop.c
moyi - 2006-9-15 8:25:00
Trojan.Klone.av
Dropper.Agent.ya
Trojan.DL.Small.nzw
Trojan.Clicker.Agent.agq
Trojan.DL.Small.oaz
Trojan.DL.Agent.lpx
Trojan.DL.Agent.lpu
Trojan.DL.Delf.dbg
Trojan.DL.Agent.ldt
Trojan.DL.Delf.ded
Trojan.DL.Agent.lpu
Dropper.Agent.dpq
Dropper.Agent.ya
Trojan.DL.Small.oaz
Trojan.DL.Mashaji.a
Trojan.Multidrop.c
Trojan.DL.Agent.apb
Trojan.DL.Mashaji.a
Trojan.DL.Small.nzw
Trojan.DL.Agent.lpu
Trojan.DL.Delf.dbg
Trojan.DL.Delf.cze
moyi - 2006-9-15 8:25:00
Dropper.Agent.ya
Trojan.Multidrop.c
Trojan.Klone.av
Dropper.Agent.ya
Trojan.DL.Small.oaz
Trojan.DL.Small.nzw
Trojan.DL.Agent.lpx
Trojan.DL.Agent.lpu
Trojan.PSW.Misc.dv
Trojan.PSW.Misc.dv
Trojan.PSW.Misc.dw
Trojan.PSW.QQPass.fz
Trojan.PSW.Misc.kdp
Trojan.DL.Delf.dbg
Trojan.DL.Delf.dee
moyi - 2006-9-15 8:26:00
Trojan.DL.Delf.dee
Trojan.DL.Delf.dee
Trojan.DL.Delf.dbg
Trojan.DL.Delf.dbg
Trojan.DL.Delf.dee
Trojan.DL.Delf.dee
moyi - 2006-9-15 8:26:00
Trojan.DL.Delf.dee
Trojan.DL.Delf.dee
Trojan.DL.Delf.dbg
Trojan.DL.Delf.dbg
Trojan.PSW.Misc.dw
Trojan.PSW.Misc.dv
Trojan.PSW.Lineage.ljw
Trojan.PSW.Lineage.ljw
Trojan.PSW.Lineage.ljw
Trojan.PSW.Lineage.ljw
moyi - 2006-9-15 8:27:00
Those above are the names of the viruses that were killed; many of them are the same.
deadmanzj - 2006-9-15 8:29:00
Dizzy, dizzy... What about the paths????????
mopery - 2006-9-15 8:35:00
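It has turned into a virus nest..
http://forum.ikaka.com/topic.asp?board=28&artid=8105899
Download HijackThis... and post the log here..
http://forum.ikaka.com/topic.asp?board=28&artid=6979213 Download System Repair Engineer from post #3 there
1 Unzip sreng2.zip
2 Run SREng.exe
3 Smart Scan => Scan => Save Report
4 Copy the complete report from the log and paste it here; do not modify it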
0冰仔仔0 - 2006-9-15 8:37:00
I have the same problem: the exe files have all disappeared, and even "Folder Options" has disappeared.
deadmanzj - 2006-9-15 8:38:00
Go start your own thread.
moyi - 2006-9-15 8:42:00
HijackThis_815汉化版扫描日志 V1.99.1
保存于 8:32:30, 日期 2006-9-15
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
d:\program files\rising\rfw\rfwsrv.exe
D:\Program Files\Rising\Rav\Ravmond.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Rising\Rav\RavStub.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
D:\Program Files\Rising\Rav\RavTask.exe
D:\Program Files\Rising\Rav\Ravmon.exe
C:\WINDOWS\system32\ctfmon.exe
d:\program files\rising\rfw\RfwMain.exe
D:\Program Files\QQ2005\QQ.exe
D:\Program Files\QQ2005\TIMPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
D:\Program Files\Hijackthis1991zww\HijackThis1991zww.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll (file missing)
O2 - BHO: Microsoft Solo Browser Helper Object - {E3DB85B5-C559-4894-B474-42E89FAA1EFD} - C:\WINDOWS\system32\winmsd.dll
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\kakatool.dll
O4 - 启动项HKLM\\Run: [RavTask] "D:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - D:\Program Files\QQ2005\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - D:\Program Files\QQ2005\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - D:\Program Files\QQ2005\SendMMS.htm
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wshcon32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wshcon32.dll
O14 - IERESET.INF: START_PAGE_URL=about:blank
O14 - IERESET.INF: MS_START_PAGE_URL=about:blank
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {ACFE8232-03C5-4AEC-AF5E-42B806724096} (KSHScan Control) - http://safe.qq.com/scan/KAllScan.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE88647B-A2D2-4E45-BDC7-3F9DFFE06308}: NameServer = 61.130.254.34,61.130.254.35
O23 - NT 服务: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - NT 服务: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服务: Rising Proxy Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwproxy.exe
O23 - NT 服务: Rising Personal Firewall Service (RfwService) - Beijing Rising Technology Co., Ltd. - d:\program files\rising\rfw\rfwsrv.exe
O23 - NT 服务: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - NT 服务: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - D:\Program Files\Rising\Rav\Ravmond.exe
moyi - 2006-9-15 8:46:00
The SREng log is being uploaded in segments.
moyi - 2006-9-15 8:52:00
2006-09-15,08:34:56
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"D:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><userinit.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Alcmtr><; ALCMTR.EXE> [Realtek Semiconductor Corp.]
<BigDogPath><; C:\WINDOWS\VM_STI.EXE USB PC Camera 301P> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<High Definition Audio Property Page Shortcut><; HDAShCut.exe> [Windows (R) Server 2003 DDK provider]
<iDuba Personal FireWall><; > []
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<Kavrun><; > []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
<Load><; ?粓?
?> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<RTHDCPL><; RTHDCPL.EXE> [Realtek Semiconductor Corp.]
<spoolsv><; C:\WINDOWS\system32\spoolsv\spoolsv.exe -printer> []
<Torjan Program><; C:\WINDOWS\WINLOGON.EXE> []
==================================
启动文件夹
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[C-DillaSrv / C-DillaSrv]
<C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"D:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A>
[Windows ToyClass]
{E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\winmsd.dll, Microsoft Corporation>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[KSHScan Control]
{ACFE8232-03C5-4AEC-AF5E-42B806724096} <C:\WINDOWS\system32\kingsoft\ONLINE~1\KSHScan.ocx, kingsoft>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[NMChatX Control]
{D7F0CC2E-FB09-4B38-B9A7-6807CBCD4859} <C:\WINDOWS\system32\NMChatX.ocx, Netmarble>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\kakatool.dll, Beijing Rising Technology Co., Ltd.>
[Windows ToyClass]
{E3DB85B5-C559-4894-B474-42E89FAA1EFD} <C:\WINDOWS\system32\winmsd.dll, Microsoft Corporation>
[上传到QQ网络硬盘]
<D:\Program Files\QQ2005\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<D:\Program Files\QQ2005\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\QQ2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\QQ2005\SendMMS.htm, N/A>
==================================
正在运行的进程
[PID: 412][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 484][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 524][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 576][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 1, 0, 0>
[PID: 588][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 744][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 804][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 1, 0, 0>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 868][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 1, 0, 0>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 924][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1000][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
moyi - 2006-9-15 9:00:00
[PID: 1028][D:\PROGRAM FILES\RISING\RAV\CCENTER.EXE] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1044][d:\program files\rising\rfw\rfwsrv.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 33>
[d:\program files\rising\rfw\RfwRule.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 13>
[d:\program files\rising\rfw\rfwlog.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 6>
[d:\program files\rising\rfw\Rfwdrv.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 21>
[d:\program files\rising\rfw\MonDrv.dll] <rs><1, 0, 0, 4>
[d:\program files\rising\rfw\ProcLib.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 9>
[d:\program files\rising\rfw\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[PID: 1056][D:\Program Files\Rising\Rav\Ravmond.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 35>
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsLog.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 20>
[D:\Program Files\Rising\Rav\HOOKSYS.dll] <Beijing Rising Technology Co., Ltd.><18, 1, 0, 11>
[D:\Program Files\Rising\Rav\Scanner.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 32>
[D:\Program Files\Rising\Rav\libload.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\VirusLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 12>
[D:\Program Files\Rising\Rav\regmon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\HookWeb.dll] <rising><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\MemMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 10>
[D:\Program Files\Rising\Rav\expscan.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\mPorts.dll] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 3>
[D:\Program Files\Rising\Rav\MailMon.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\Rising\Rav\SpamEng.dll] <N/A><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\engine.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 34>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 1, 0, 0>
[D:\Program Files\Rising\Rav\PostTrt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 15>
[D:\Program Files\Rising\Rav\UnExe.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\ScanExec.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\ScanEx.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\Program Files\Rising\Rav\RSUnpack.dll] <Beijing Rising Technology Co., Ltd.><1, 0, 0, 13>
[D:\Program Files\Rising\Rav\NvFile.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 7>
[D:\Program Files\Rising\Rav\ScanMac.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 9>
[D:\Program Files\Rising\Rav\ScanSct.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 18>
[D:\Program Files\Rising\Rav\Unpacker.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\ScanNet.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[D:\Program Files\Rising\Rav\ExtOLE.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 6>
[D:\Program Files\Rising\Rav\ScanElf.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 3>
[PID: 1332][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\CNMLM3y.DLL] <CANON INC.><1.52.2.0>
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD3y.DLL] <CANON INC.><1.52.2.0>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[PID: 1452][D:\Program Files\Rising\Rav\RavStub.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 16>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[PID: 1788][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8040>
[C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10525>
[C:\Program Files\Common Files\Adobe\Shell\PSICON.DLL] <Adobe Systems, Incorporated><7.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\QQ2005\qdshm.dll] <><1, 0, 101, 20>
[D:\Program Files\QQ2005\TIMProxy.dll] <tencent><0, 3, 2, 4>
[C:\WINDOWS\system32\winmsd.dll] <Microsoft Corporation><2, 0, 0, 1>
[PID: 1948][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.8040>
[PID: 1976][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2012][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 696][D:\Program Files\Rising\Rav\RavTask.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 22>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[PID: 764][D:\Program Files\Rising\Rav\Ravmon.exe] <Beijing Rising Technology Co., Ltd.><18, 0, 1, 33>
[D:\Program Files\Rising\Rav\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 26>
moyi - 2006-9-15 9:03:00
[D:\Program Files\Rising\Rav\BWList.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 19>
[D:\Program Files\Rising\Rav\RSAPPMGR.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 2>
[D:\Program Files\Rising\Rav\CfgDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 11>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\Rising\Rav\RsCommX.dll] <rising><18, 0, 0, 1>
[D:\Program Files\Rising\Rav\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 832][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 392][d:\program files\rising\rfw\RfwMain.exe] <Beijing Rising Technology Co., Ltd.><4, 0, 0, 52>
[d:\program files\rising\rfw\RsGuiLib.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 23>
[d:\program files\rising\rfw\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[d:\program files\rising\rfw\PngDll.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 5>
[PID: 1560][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 1, 0, 0>
[PID: 3908][D:\Program Files\QQ2005\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\Program Files\QQ2005\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\BasicCtrlDll.dll] <Tencent><5, 0, 200, 370>
[D:\Program Files\QQ2005\QQAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\QQ2005\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\npkcntc.dll] <INCA Internet Co., Ltd.><2006, 6, 27, 1>
[D:\Program Files\QQ2005\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\Program Files\QQ2005\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\Program Files\QQ2005\QQMainFrame.dll] <N/A><N/A>
[D:\Program Files\QQ2005\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 1, 0, 0>
[D:\Program Files\QQ2005\NewSkin.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\HostingMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\CameraDll.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\MailSummary.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\QQSpace.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\Program Files\QQ2005\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\GroupLive.dll] <N/A><N/A>
[D:\Program Files\QQ2005\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\QQPlugin.dll] <N/A><N/A>
[D:\Program Files\QQ2005\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\QRingMng.dll] <N/A><N/A>
[D:\Program Files\QQ2005\PhoneAPI.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\DialerAllinOne.dll] <tencent><1, 4, 0, 0>
[D:\Program Files\QQ2005\VPortal.dll] <><1, 0, 0, 4>
[D:\Program Files\QQ2005\QQAvatar.dll] <N/A><N/A>
[D:\Program Files\QQ2005\FlashAvatarDll.dll] <><1, 4, 0, 1>
[D:\Program Files\QQ2005\LongConnection.dll] <tencent><5, 0, 200, 160>
[D:\Program Files\QQ2005\QQPet.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\QQSysMsgMng.dll] <N/A><N/A>
[D:\Program Files\QQ2005\BQQApplication.dll] <N/A><N/A>
[D:\Program Files\QQ2005\QQAllInOne.dll] <N/A><N/A>
[D:\Program Files\QQ2005\SCCore.dll] <TENCENT><2, 0, 0, 1>
[D:\Program Files\QQ2005\QQCustomFace.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[D:\Program Files\QQ2005\QQSceneMng.dll] <N/A><N/A>
[D:\Program Files\QQ2005\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[D:\Program Files\QQ2005\GroupConnection.dll] <Tencent><0, 3, 3, 5>
[D:\Program Files\QQ2005\CommercesMng.dll] <><1, 0, 0, 1>
[D:\Program Files\QQ2005\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 2>
[D:\Program Files\QQ2005\QQAddr.dll] <深圳市腾讯计算机系统有限公司><5, 0, 101, 240>
[D:\Program Files\QQ2005\QQNetDisk.dll] <深圳腾讯科技><8, 0, 101, 14>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[D:\Program Files\QQ2005\QQSettingCtrl.dll] <><1, 0, 0, 1>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[D:\Program Files\QQ2005\qdshm.dll] <><1, 0, 101, 20>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\WINDOWS\system32\nvcpl.dll] <NVIDIA Corporation><6.14.10.8040>
[C:\WINDOWS\system32\nvshell.dll] <NVIDIA Corporation><6.14.10.10525>
[PID: 3980][D:\Program Files\QQ2005\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[D:\Program Files\QQ2005\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 3880][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3916][C:\PROGRA~1\INTERN~1\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\kakatool.dll] <Beijing Rising Technology Co., Ltd.><2, 0, 0, 9>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 1, 0, 0>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] <Adobe Systems, Inc.><9,0,16,0>
[C:\WINDOWS\system32\winmsd.dll] <Microsoft Corporation><2, 0, 0, 1>
[D:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[D:\Program Files\QQ2005\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 2052][C:\Documents and Settings\new\桌面\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\system32\cdnns.dll] <CNNIC><2, 0, 0, 0>
[C:\WINDOWS\system32\wshcon32.dll] <><4, 1, 0, 0>
==================================
文件关联
.TXT Error. [notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [hh.exe %1]
.HLP Error. [winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [wscript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
moyi - 2006-9-15 9:03:00
The network speed is also very, very slow... Please take a look for me: does the system need to be reinstalled?..
mopery - 2006-9-15 9:08:00
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll (file missing)
Reference: http://csc.rising.com.cn/KnowledgeBase/detailInfo.aspx?Action=ViewInfo&InfoID=718&Channel=RSV
Fix
O2 - BHO: Microsoft Solo Browser Helper Object - {E3DB85B5-C559-4894-B474-42E89FAA1EFD} - C:\WINDOWS\system32\winmsd.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
Delete
C:\WINDOWS\system32\winmsd.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wshcon32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wshcon32.dll
These need to be fixed with LSPFix..
LSPFix (Chinese-localized version) download: http://forum.ikaka.com/topic.asp?board=67&artid=5188931
(post #8...)
Also download WinsockXPFix.exe... (post #2...)
----------------------------------------------------------------
First run LSPFix ... tick "I am sure I want to perform the repair" ...
Then move wshcon32.dll to the right-hand side... and click Finish...
----------------------------------------------------------------
If you cannot get online after doing this... just repair it with WinsockXPFix.exe... in Safe Mode..
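Added example, not part of the thread or of any tool named in it: a small Python triage pass that applies the checks used in the reply above (BHOs whose file is missing, the O6 policy key, unknown Winsock LSP files) to lines copied from the HijackThis log posted earlier. The rule set and all function names are assumptions made for illustration.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread
# (a Chinese-localized build, so some labels are in Chinese).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MyIEHelper Class - {16B770A0-0E87-4278-B748-2460D64A8386} - C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll (file missing)
O2 - BHO: Microsoft Solo Browser Helper Object - {E3DB85B5-C559-4894-B474-42E89FAA1EFD} - C:\WINDOWS\system32\winmsd.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\cdnns.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wshcon32.dll
O10 - 未知的文件在 Winsock LSP: c:\windows\system32\wshcon32.dll
"""

# "<section code> - <body>", e.g. "O10 - ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# English and Chinese-localized wording of the O10 line
LSP_RE = re.compile(r"(?:Unknown file in|未知的文件在) Winsock LSP: (.+)$")
MISSING = "(file missing)"


def _bho_missing(body):
    """O2: the BHO is still registered but its DLL no longer exists."""
    if body.endswith(MISSING):
        path = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
        return path, "BHO registered but DLL missing: fix the orphaned entry"
    return None


def _ie_policy(body):
    """O6: a policy key that locks Internet Explorer settings."""
    if body.endswith(" present") and "\\Policies\\Microsoft\\Internet Explorer" in body:
        return body[: -len(" present")], "IE options locked by a policy key"
    return None


def _unknown_lsp(body):
    """O10: a DLL in the Winsock provider chain that HijackThis does not know."""
    m = LSP_RE.search(body)
    if m:
        return m.group(1).strip().lower(), "unknown Winsock LSP: repair the chain with an LSP repair tool"
    return None


RULES = {"O2": _bho_missing, "O6": _ie_policy, "O10": _unknown_lsp}


def triage(log_text):
    """Return one finding per (section, target), in log order."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        rule = RULES.get(code)
        hit = rule(body) if rule else None
        if hit is None:
            continue
        key = (code, hit[0])
        if key in seen:  # the same DLL can appear on several O10 lines
            continue
        seen.add(key)
        findings.append({"code": code, "target": hit[0], "reason": hit[1]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['code']:>3}  {f['target']}\n     {f['reason']}")
```

The winmsd.dll BHO that the reply also marks for deletion is not flagged here, because nothing in its log line sets it apart; spotting it took the helper's own knowledge of that file.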
mopery - 2006-9-15 9:11:00
Open SRE, System Repair, and repair the file associations..
<Torjan Program><; C:\WINDOWS\WINLOGON.EXE> []
Reference: http://forum.ikaka.com/topic.asp?board=28&artid=8141143
Download the dedicated removal tool written by 幸福的狮子 and scan with it..
Open SRE, Startup Items, Registry, and delete
<iDuba Personal FireWall><; > []
<Kavrun><; > []
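Edit <Load> and change it to an empty value
http://www.pctutu.com/srmsdown.asp (installer version)
http://download5.pctutu.com/soft/magicset78.zip (no-install version)
Download Super Rabbit (超级兔子).. use Super Rabbit's Cleanup King (清理王) in Safe Mode to uninstall the rogue software...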
wxy200x - 2006-9-15 9:25:00
This guy has a lot of games on his computer.
moyi - 2006-9-15 10:04:00
After using Super Rabbit's Cleanup King in Safe Mode to uninstall the rogue software, when I go online other web pages still pop up: http://click.uoolink.com/*
http://tv.mofile.com/*
http://www.371.com/*
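and so on... In Kaka they have to be added manually; automatic adding to the blacklist does not work at all, and the page that pops up is different every time... so frustrating.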
moyi - 2006-9-15 10:05:00
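I just updated Rising; the Rising version is now 18.44.40. It only caught 4 viruses. I'll upload the results once the scan finishes so you can take a look.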
moyi - 2006-9-15 10:31:00
病毒名称 | 处理结果 | 扫描方式 | 路径 | 文件 | 病毒来源
Backdoor.Agent.ecm | 删除成功 | 手动扫描 | C:\WINDOWS\system32\inetsrv | csrss.exe>>Unpack | 本机
Trojan.DL.Agent.apf | 删除成功 | 手动扫描 | C:\WINDOWS\system32 | winmsd.dll | 本机
Trojan.DL.Agent.apf | 删除成功 | 手动扫描 | C:\WINDOWS\system32 | wlbs.dll | 本机
Trojan.Clicker.Delf.dk | 删除成功 | 手动扫描 | C:\WINDOWS\system32 | 5002ad.exe>>Unpack | 本机
moyi - 2006-9-15 10:35:00
Bump, don't let this sink.